Continue reading on DataGuidance with:
Free Member
Limited ArticlesCreate an account to continue accessing select articles, resources, and guidance notes.
Already have an account? Log in
Vietnam: MPS requests comments on Standards on Cybersecurity for Critical Information Systems
On June 8, 2024, the Ministry of Public Security (MPS) requested comments on the draft National Standards on Cybersecurity for Critical Information Systems on National Security. Specifically, the Standard outlines cybersecurity requirements for information systems important to national security.
In clarifying risks, the Standard defines 'cybersecurity risk' as the possibility of exposure or loss due to a cyber attack or data breach within an agency, organization, or unit. Cybersecurity risk lies not only in the possibility of a cyber attack, but also in the potential consequences, such as financial loss, reputational damage, or operational disruption.
In particular, the Standard provides obligatory cybersecurity requirements in order to identify and control potential IT risks, including:
- establishing and maintaining cybersecurity risk management processes;
- hardware, software, and information asset management;
- secure configuration management for devices and software;
- user account and access management;
- protections for web apps and email;
- malware prevention management;
- network infrastructure and network security monitoring and defense management;
- organizations personnel for operationalizing and administering network security;
- establishing and maintaining an inventory of service providers; and
- establishing processes related to security incident management and penetration testing management.
Public comments may be submitted until October 6, 2024.
You can access the content page for the Standard here and the Standard here, both only available in Vietnamese.